|
|
ansible是一款自动化运维工具,基于Python开发,集合了众多运维工具(puppet、cfengine、chef、func、fabric)的优点,实现了批量系统配置,批量程序部署,批量运行命令等功能。
ansible是基于模块工作的,本事没有批量部署的能力。真正具有批量部署的是ansible所运行的模块,ansible只是提供一种框架。主要包括:
1、连接插件connection plugins:负责和被监控端进行通信
2、host inventory:指定操作的主机,是一个配置文件里卖弄定义监控的主机
3、各种核心模块、command模块、自定义模块
4、借助于插件完成记录日志邮件等功能
5、playbook:可让slave节点一次执行多个任务
ansible的特性:
1、模块化:调用特定的模块,完成特定任务
2、基于python语言实现,有Paramiko,PyYAML和jinja2三个关键模块
3、部署简单
4、支持自定义模块
5、支持playbook
准备环境
主机名 IP localhost(ansiblemaster) 10.10.86.56 node1(ansibleslave) 10.10.73.148 bogon(ansibleslave) 10.10.73.149 一、ansible的安装
[root@localhost ~]# yum install ansible
##配置文件:/etc/ansible/ansible.cfg
##主机清单:/etc/ansible/hosts
##主程序:ansible、ansible-doc、ansible-playbook
二、ansible免秘钥ssh登陆
root@localhost ~]# ssh-keygen -t rsa -P ''
[root@localhost ~]# ssh-copy-id -i root@10.10.73.148
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
[root@localhost ~]# ssh-copy-id -i root@10.10.73.149
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: WARNING: All keys were skipped because they already exist on the remote system.
##将生产的秘钥推送给slave节点,第一次交互需要(yes/no)
三、主机组自定义
[root@localhost ~]# vim /etc/ansible/hosts
[ansible_agent]
10.10.73.148 ##port
10.10.73.149 ##port
##如果slave的ssh端口不是默认的22,则可在主机后面相应的端口
四、简单测试
获取ansible的常用模块列表
[root@localhost ~]# ansible-doc -l 获取某个模块的用法
[root@localhost ~]# ansible-doc -s COMMAND
##COMMAND:yum、cron、shell、setup、copy......
1、ping
[root@localhost ~]# ansible ansible_agent -m ping ##用来测试远程主机的运行状态
10.10.73.149 | SUCCESS => {
"changed": false,
"ping": "pong"
}
10.10.73.148 | SUCCESS => {
"changed": false,
"ping": "pong"
}
2、setup模块
[root@localhost ~]# ansible ansible_agent -m "setup" ##获取远程主机的详情信息 3、command模块
[root@localhost ~]# ansible ansible_agent -m shell -a "ls /tmp"
10.10.73.149 | SUCCESS | rc=0 >>
ansible_Z1xG26
wtc
10.10.73.148 | SUCCESS | rc=0 >>
ansible_6SQ3_D
report.sh
wtc.txt
4、shell模块
[root@localhost ~]# ansible ansible_agent -m shell -a "echo wxpp | passwd --stdin wtc"
10.10.73.148 | SUCCESS | rc=0 >>
Changing password for user wtc.
passwd: all authentication tokens updated successfully.
10.10.73.149 | SUCCESS | rc=0 >>
更改用户 wtc 的密码 。
passwd: 所有的身份验证令牌已经成功更新。
###ansible是要支持管道命令,必须要使用shell模块;同时想要支持shell特性,必须要使用shell模块
5、copy模块
(1)src= dest=
(2)content= dest=
(3)owner:指明属主
(4)group:指明数组
(5)mode:指明权限
[root@localhost tmp]# ansible ansible_agent -m copy -a "src=/tmp/wxpp.txt dest=/tmp mode=665" ##复制本地的"wxpp.txt"文件至远程主机上
10.10.73.148 | SUCCESS => {
"changed": true,
"checksum": "7641dc777dc18a1c2dfa3429aa8009c12c566913",
"dest": "/tmp/wxpp.txt",
"gid": 0,
"group": "root",
"mode": "0665",
"owner": "root",
"path": "/tmp/wxpp.txt",
"size": 36,
"state": "file",
"uid": 0
}
10.10.73.149 | SUCCESS => {
"changed": true,
"checksum": "7641dc777dc18a1c2dfa3429aa8009c12c566913",
"dest": "/tmp/wxpp.txt",
"gid": 0,
"group": "root",
"mode": "0665",
"owner": "root",
"path": "/tmp/wxpp.txt",
"size": 36,
"state": "file",
"uid": 0
}
[root@localhost tmp]# ansible ansible_agent -m shell -a "cat /tmp/wxpp.txt" ##追加指定的文本至远程主机中
10.10.73.149 | SUCCESS | rc=0 >>
wtc sent a bouquet of roses to wxpp
10.10.73.148 | SUCCESS | rc=0 >>
wtc sent a bouquet of roses to wxpp
[root@localhost tmp]# ansible ansible_agent -m copy -a "content='\nHello World' dest=/tmp/wxpp.txt"
10.10.73.149 | SUCCESS => {
"changed": true, }
10.10.73.148 | SUCCESS => {
"changed": true, }
[root@localhost tmp]# ansible ansible_agent -m shell -a "cat /tmp/wxpp.txt"
10.10.73.149 | SUCCESS | rc=0 >>
Hello World
10.10.73.148 | SUCCESS | rc=0 >>
Hello World
##content是覆盖文件源内容,使用时注意
6、cron模块
(1)month=
(2)day=
(3)hour=
(4)weekday=
(5)minute=
(6)job= ##指明运行的命令是什么
(7)name= ##指明定时任务描述
(8)state ##指定状态,prsent表示添加定时任务,也是默认值。absent表示删除定时任务
(9)user ##指明以那个用户的身份执行
[root@localhost ~]# ansible ansible_agent -m shell -a "ls /var/spool/cron/"
10.10.73.149 | SUCCESS | rc=0 >>
root
10.10.73.148 | SUCCESS | rc=0 >>
root
[root@localhost ~]# ansible ansible_agent -m cron -a "minute='*/1' job='/usr/sbin/ntpdate 10.10.86.56 &> /dev/null' user=wtc name='Wtc Job'"
10.10.73.149 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"Wtc Job"
]
}
10.10.73.148 | SUCCESS => {
"changed": true,
"envs": [],
"jobs": [
"Wtc Job"
]
}
[root@localhost ~]# ansible ansible_agent -m shell -a "cat /var/spool/cron/wtc"
10.10.73.149 | SUCCESS | rc=0 >>
#Ansible: Wtc Job
*/1 * * * * /usr/sbin/ntpdate 10.10.86.56 &> /dev/null
10.10.73.148 | SUCCESS | rc=0 >>
#Ansible: Wtc Job
*/1 * * * * /usr/sbin/ntpdate 10.10.86.56 &> /dev/null
7、file模块:
(1)创建链接文件:src=、path=、state=
(2)修改文件属性:path=、owner=、mode=、group=
(3)创建目录:path=、state=
(4)state
directory:如果目录不存在,则会创建
link:创建软链接
hard:创建硬链接
touch:如果文件不存在,则会创建。如果文件存在,则修改mtime
absent:删除目录、文件、取消链接
[root@localhost ~]# ansible ansible_agent -m file -a "src=/etc/fstab path=/tmp/fstab.link state=link"
10.10.73.148 | SUCCESS => {
"changed": true,
"dest": "/tmp/fstab.link",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 10,
"src": "/etc/fstab",
"state": "link",
"uid": 0
}
10.10.73.149 | SUCCESS => {
"changed": true,
"dest": "/tmp/fstab.link",
"gid": 0,
"group": "root",
"mode": "0777",
"owner": "root",
"size": 10,
"src": "/etc/fstab",
"state": "link",
"uid": 0
}
[root@localhost ~]# ansible ansible_agent -m shell -a "ls /tmp"
10.10.73.149 | SUCCESS | rc=0 >>
ansible_TdmFaK
fstab.link
wtc
wxpp.txt
10.10.73.148 | SUCCESS | rc=0 >>
ansible_1oUVuk
fstab.link
report.sh
wtc.txt
wxpp.txt
[root@localhost ~]# ansible ansible_agent -m file -a "path=/tmp/fstab.link state=absent"
10.10.73.149 | SUCCESS => {
"changed": true,
"path": "/tmp/fstab.link",
"state": "absent"
}
10.10.73.148 | SUCCESS => {
"changed": true,
"path": "/tmp/fstab.link",
"state": "absent"
}
[root@localhost ~]# ansible ansible_agent -m shell -a "ls /tmp"
10.10.73.148 | SUCCESS | rc=0 >>
ansible_jTgQOI
report.sh
wtc.txt
wxpp.txt
10.10.73.149 | SUCCESS | rc=0 >>
ansible_CuFRGA
wtc
wxpp.txt
8、更多模块(ansible-doc -l)
fetch模块:拉取远程主机的文件到本地(拉取的只能是文件,但是拉取到本地之后是目录,以"hosts"文件中名字命名
hostname模块:管理主机名
yum模块:给远程主机安装应用、卸载程序
service模块:管理远程主机上的服务
user模块:管理用户的账号、密码
group模块:管理系统用户组
总结:
1、ansible是基于ssh无密钥登陆的,只限于当前用户。如果是"wtc"用户创建ansible秘钥并推送至远程主机,则使用"root"用户推送命令则需使用密码
2、对于"shell"模块,个人认为它可以实现多数模块的功能,只要能用命令表达式表达出来即可,例如:
ansible ansible_agent -m shell -a "yum install httpd"
ansible ansible_agent -m shell -a "service httpd start"
ansible ansible_agent -m shell -a "echo 'wtc sent a bouquet of roses to wxpp' &>> /tmp/wxpp.txt"
ansible ansible_agent -m shell -a "ln -sv /etc/fstab /tmp/fstab.link" |
|
QQ群⑧:
窥视卡
雷达卡
发表于 2018-7-30 07:00:21
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡